PT-2006-2395 · Twiki · Twiki

Sergej Zagursky +1 · Published 2006-03-26 · Updated 2017-07-20 · CVE-2006-1386

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TWiki versions 4.0 through 4.0.1

Description

The issue concerns the rdiff and preview scripts in TWiki, which ignore access control settings. This allows remote attackers to read restricted areas and access restricted content in TWiki topics.

Recommendations

For TWiki versions 4.0 through 4.0.1, consider disabling the rdiff and preview scripts until a patch is available to prevent remote attackers from accessing restricted content.

Fix

Related Identifiers

CVE-2006-1386

Affected Products

Twiki